| 468b9e48 |
.\" Manual page created by Tomasz Kojm, 14/15 IV 2002 |
| 6761e1ee |
.TH "clamscan" "1" "November 9, 2004" "Tomasz Kojm" "Clam AntiVirus" |
| 468b9e48 |
.SH "NAME"
.LP |
| a0faaedf |
clamscan \- scan files and directories against viruses |
| 468b9e48 |
.SH "SYNOPSIS"
.LP
clamscan [options] [file/directory/\-]
.SH "DESCRIPTION"
.LP |
| 521b19b4 |
clamscan is a command line anti\-virus scanner. It's a part of the Clam AntiVirus package. |
| 468b9e48 |
.SH "OPTIONS"
.LP
.TP
\fB\-h, \-\-help\fR |
| 521b19b4 |
Print help information and exit. |
| 468b9e48 |
.TP
\fB\-V, \-\-version\fR |
| 521b19b4 |
Print version number and exit. |
| 468b9e48 |
.TP
\fB\-v, \-\-verbose\fR |
| a0faaedf |
Be verbose.
.TP
\fB\-\-debug\fR |
| 521b19b4 |
Enable debug messages (from libclamav). |
| 468b9e48 |
.TP
\fB\-\-quiet\fR |
| 521b19b4 |
Be quiet (only print error messages). |
| 468b9e48 |
.TP
\fB\-\-stdout\fR |
| 521b19b4 |
Write all messages to the standard output (stdout) instead of the standard error output (stderr). |
| 468b9e48 |
.TP
\fB\-d FILE/DIR, \-\-database=FILE/DIR\fR |
| 521b19b4 |
Load virus database from FILE or load all virus database files from DIR. |
| 468b9e48 |
.TP
\fB\-l FILE, \-\-log=FILE\fR |
| 521b19b4 |
Save scan report to FILE. |
| 468b9e48 |
.TP
\fB\-\-tempdir=DIRECTORY\fR
Create temporary files in DIRECTORY. Directory must be writeable for the 'clamav' user or unprivileged user running clamscan.
.TP |
| c2484690 |
\fB\-\-leave\-temps\fR
Do not remove temporary files.
.TP |
| 468b9e48 |
\fB\-r, \-\-recursive\fR |
| 521b19b4 |
Scan directories recursively. All the subdirectories in the given directory will be scanned. |
| 468b9e48 |
.TP |
| ead674a2 |
\fB\-\-bell\fR
Sound bell on virus detection.
.TP
\fB\-\-no\-summary\fR |
| a0231a19 |
Do not display summary at the end of scanning. |
| 468b9e48 |
.TP
\fB\-\-exclude=PATT\fR
Don't scan file names containing PATT. It may be used multiple times.
.TP
\fB\-\-include=PATT\fR
Only scan file names containing PATT. It may be used multiple times.
\fB\-i, \-\-infected\fR |
| a0faaedf |
Only print infected files. |
| 468b9e48 |
.TP
\fB\-\-remove\fR
Remove infected files. \fBBe careful.\fR |
| a0faaedf |
.TP |
| 468b9e48 |
\fB\-\-move=DIRECTORY\fR
Move infected files into DIRECTORY. Directory must be writeable for the 'clamav' user or unprivileged user running clamscan.
.TP |
| 94da957a |
\fB\-\-no\-mail\fR
Disable scanning of mail files.
.TP |
| c2484690 |
\fB\-\-no\-pe\fR
PE stands for Portable Executable \- it's an executable file format used in all 32\-bit versions of Windows operating systems. By default ClamAV performs deeper analysis of executable files and tries to decompress popular executable packers such as UPX. This option \fBdisables\fR PE support and is not recommended ! |
| 468b9e48 |
.TP |
| 5aad82e2 |
\fB\-\-no\-ole2\fR
Disable support for Microsoft Office document files.
.TP |
| 2fe19b26 |
\fB\-\-no\-html\fR
Disable support for HTML detection and normalisation.
.TP |
| ead674a2 |
\fB\-\-no\-archive\fR |
| 468b9e48 |
Disable archive support built in libclamav.
.TP |
| f8355d13 |
\fB\-\-detect\-broken\fR
Mark broken executables as viruses (Broken.Executable).
.TP |
| 8373a9b0 |
\fB\-\-block\-encrypted\fR |
| 5aad82e2 |
Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
.TP |
| 728f8802 |
\fB\-\-block\-max\fR |
| a43d2099 |
Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max\-files, max\-space, or max\-recursion is reached. |
| 728f8802 |
.TP |
| 94da957a |
\fB\-\-mail\-follow\-urls\fR
If an email contains URLs ClamAV can download and scan them. \fBWARNING: This option may open your system to a DoS attack. Never use it on loaded servers.\fR
.TP |
| 468b9e48 |
\fB\-\-max\-files=#n\fR |
| 521b19b4 |
Extract first #n files from each archive. This option protects your system against DoS attacks (default: 500) |
| 468b9e48 |
.TP
\fB\-\-max\-space=#n\fR |
| 521b19b4 |
Extract first #n kilobytes from each archive. You may give the number in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 10 MB) |
| 468b9e48 |
.TP
\fB\-\-max\-recursion=#n\fR |
| 6761e1ee |
Set archive recursion level limit. This option protects your system against DoS attacks (default: 8). |
| 468b9e48 |
.TP |
| a19f21b6 |
\fB\-\-max\-ratio=#n\fR
Set maximum archive compression ratio limit. This option protects your system against DoS attacks (default: 200).
.TP |
| 468b9e48 |
\fB\-\-unzip[=FULLPATH]\fR |
| 521b19b4 |
In most cases you don't need this option \- the built\-in unarchiver will do extract Zip archives. This option however may be used as a backup for internal unpacker \- see the full documentation for more information. When enabled without an argument, unzip program will be searched in $PATH. If unzip cannot be found in $PATH, you must force it with =pathname. Remember about '=' between the option and an argument. |
| 468b9e48 |
.TP
\fB\-\-unrar[=FULLPATH]\fR |
| 521b19b4 |
Scan .rar files. |
| 468b9e48 |
.TP
\fB\-\-unarj[=FULLPATH]\fR |
| 521b19b4 |
Scan .arj files. |
| 468b9e48 |
.TP
\fB\-\-unzoo[=FULLPATH]\fR |
| 521b19b4 |
Scan .zoo files. |
| 468b9e48 |
.TP
\fB\-\-lha[=FULLPATH]\fR |
| 521b19b4 |
Scan .lzh files. |
| 468b9e48 |
.TP
\fB\-\-jar[=FULLPATH]\fR |
| 521b19b4 |
clamscan uses unzip for .jar files, so optionally eventually you will need to pass a full path to unzip. |
| 468b9e48 |
.TP
\fB\-\-deb[=FULLPATH]\fR
This option supports debian binary packages. Implies \-\-tgz, but doesn't conflict with \-\-tgz=FULLPATH. It requires ar utility.
.TP
\fB\-\-tar[=FULLPATH]\fR
This option supports non\-compressed archives.
.TP
\fB\-\-tgz[=FULLPATH]\fR |
| 521b19b4 |
This option supports tar.gz and .tgz files. You need GNU tar, on non\-Linux system you probably have it installed as gtar. If it's in $PATH, please use \-\-tgz=gtar in other case please pass a full path. |
| 468b9e48 |
.SH "EXAMPLES"
.LP
.TP |
| 521b19b4 |
(0) Scan selected file: |
| 468b9e48 |
\fBclamscan file\fR
.TP |
| 521b19b4 |
(1) Scan current working directory: |
| 468b9e48 |
\fBclamscan\fR
.TP |
| a0faaedf |
(2) Scan all files (and subdirectories) in /home: |
| 468b9e48 |
\fBclamscan \-r /home\fR
.TP |
| 521b19b4 |
(3) Load database from selected file and limit disk usage to 50 Mb: |
| 468b9e48 |
|
| a0faaedf |
\fBclamscan \-d /tmp/newclamdb \-\-max\-space=50m \-r /tmp\fR |
| 468b9e48 |
.TP |
| 521b19b4 |
(4) Scan data stream: |
| 468b9e48 |
\fBcat testfile | clamscan \-\fR
.TP |
| 521b19b4 |
(5) Scan mail spool directory: |
| 468b9e48 |
|
| a1257f14 |
\fBclamscan \-r /var/spool/mail\fR |
| 468b9e48 |
.SH "RETURN CODES"
.LP |
| 521b19b4 |
Note: some return codes may only appear in a one file mode (clamscan is started with file argument). Those are marked with \fB(ofm)\fR. |
| 468b9e48 |
0 : No virus found.
.TP
1 : Virus(es) found.
.TP
40: Unknown option passed.
.TP |
| a0faaedf |
50: Database initialization error. |
| 468b9e48 |
.TP
52: Not supported file type.
.TP
53: Can't open directory.
.TP
54: Can't open file. (ofm)
.TP
55: Error reading file. (ofm)
.TP
56: Can't stat input file / directory.
.TP |
| 521b19b4 |
57: Can't get absolute path name of current working directory. |
| 468b9e48 |
.TP |
| 521b19b4 |
58: I/O error, please check your filesystem. |
| 468b9e48 |
.TP
59: Can't get information about current user from /etc/passwd.
.TP
60: Can't get information about user 'clamav' (default name) from /etc/passwd.
.TP
61: Can't fork.
.TP
63: Can't create temporary files/directories (check permissions).
.TP |
| 521b19b4 |
64: Can't write to temporary directory (please specify another one). |
| 468b9e48 |
.TP
70: Can't allocate and clear memory (calloc).
.TP
71: Can't allocate memory (malloc).
.SH "CREDITS"
Please check the full documentation for credits.
.SH "AUTHOR"
.LP |
| a0faaedf |
Tomasz Kojm <tkojm@clamav.net> |
| 468b9e48 |
.SH "SEE ALSO"
.LP |
| 521b19b4 |
clamdscan(1), freshclam(1) |